Solved: Splunk Search: Night Events for all days

angelo82 · ‎07-24-2012

Good Morning I'm looking for collect in Splunk Search all nights event logs between 08:00 PM and 07:00 AM

i've done this one:

'sourcetype="WinEventLog:Security" earliest=@d-4h latest=@d+7h`

and it's good only for last night

what should i do to collect this time range for all days?

i'm using Splunk 4.3.3

My Thanks in Advance

Ayn · ‎07-24-2012

Extract the hour from the timestamp, then check events that match your conditions (very similar to what I answered in your other recent question). Something like this:

... | eval date_hour=strftime(_time, "%H") | search date_hour>=20 OR date_hour<7

View solution in original post

Ayn · ‎07-24-2012

Extract the hour from the timestamp, then check events that match your conditions (very similar to what I answered in your other recent question). Something like this:

... | eval date_hour=strftime(_time, "%H") | search date_hour>=20 OR date_hour<7

angelo82 · ‎07-24-2012

also this one works perfectly 🙂
thank you more

Regards
Angelo

Splunk Search: Night Events for all days

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation